On the Password Policy page, select any of the following restrictions:
Password Reuse Policy - Prevents the user from re-using old passwords. You must specify a number of recently-used passwords for the system to check.
Derivation of Password From User Identity Fields - Prevents the user from creating a password containing their username, first, middle, or last name, or org defined ID.
Password Age Rules - Select a minimum password age to require users wait a certain number of days between password changes. Select a maximum password age to require users change their passwords after a certain number of days has elapsed since their last password change. You can enable the sending of a password expiry reminder email for the maximum password age restriction.
Password Complexity Rules - Specify password complexity rules by selecting from a set of existing rules (including setting a minimum password length and requiring users include a set number of character classes in their passwords) or creating a validation regular expression.